1

System: Linux Mint 18.3 Cinnamon 64-bit.

OpenSSL: 1.0.2g

Ordinarily, I would encrypt a file as follows:

openssl enc -aes-256-cbc -salt -in somefile -out somefile.enc

But I wonder what algorithm will be used to hash my password and if I can change it?

Improve this question
4
  • Dupe superuser.com/questions/455463/… except that was out of date until just now; for full details see crypto.stackexchange.com/questions/3298/… . Note that any single hash is a bad PBKDF; SHA-256 is not noticeably better than MD5. And -salt has been the default for over a decade, nearly two.
    – dave_thompson_085
    Commented Dec 10, 2017 at 7:36
  • @dave_thompson_085: OpenSSL does use a KDF instead of simple hash, although it still seems to be homegrown and rather weak (see EVP_BytesToKey).
    – grawity_u1686
    Commented Dec 11, 2017 at 15:46
  • 1
    @grawity my answer to the crypto Q I linked explains this in detail. EVP_BytesToKey is a tweak of PBKDF1 from PKCS5, but commandline enc uses EVP_BytesToKey with iteration count 1 so it does only a single hash per output block, it does NOT actually iterate as PBKDF should. The bear agrees: security.stackexchange.com/questions/29106/…
    – dave_thompson_085
    Commented Dec 12, 2017 at 3:31
  • Vlastimil: You're not using this for bulletproof security, are you? Consider GPG/PGP instead, it should still stump the biggest players. @dave_thompson_085 They're still only iterating once? Yowza. Moving away from MD5 is a baby step at least. Do they track the hash & encryption used, or you still have to remember yourself too? (I've quoted the bear too ;-)
    – Xen2050
    Commented Dec 14, 2017 at 21:10

1 Answer 1

Reset to default
2

I found out by accident, here, that for openssl version 1.1.0:

-md digest
    Use the specified digest to create the key from the passphrase. The default algorithm is sha-256.

So, there is no point of specifying the message digest algorithm for the newer version of openssl as it already uses SHA-256.

But since on my system there is openssl version 1.0.2g, I dug further and found out, here, that:

... In OpenSSL 1.1.0 we changed from MD5 to SHA-256 ...

Essentially, this means, my openssl will by default use the old and obsolete MD5.

Luckily, this can be changed to SHA-256 with openssl version 1.0.2g:

openssl enc -aes-256-cbc -md sha256 -salt -in somefile -out somefile.enc

If you have an older openssl version than me, you might want to try -md sha1, if the above fails.

Improve this answer
1
  • With all the changes to openssl (digest, and the new recommended pbkdf2 password hashing (which has been LONG overdue), it is now nessary to save more information (metadata) with encrypted files, so that you know how that specific encrypted file was actually encrypted. This is especially important as the default iteration count (10000) is woefully inadequate. As such you may like to look at a script that wrappers around "openssl enc" to save and re-read this metadata with the encrypted file. See antofthy.gitlab.io/software/#keepout
    – anthony
    Commented Sep 24, 2020 at 1:31

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .